package com.repair.security;

import com.repair.entity.User;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

@Component
public class CustomPermissionEvaluator {
    
    private static final Logger logger = LoggerFactory.getLogger(CustomPermissionEvaluator.class);

    public boolean hasPermission(Authentication authentication, HttpServletRequest request) {
        String path = request.getServletPath();
        logger.debug("开始检查权限 - 请求路径: {}", path);
        
        // 1. 检查是否是公共路径
        if (matchAnyPath(request, SecurityConstants.PUBLIC_PATHS)) {
            logger.debug("匹配到公共路径，允许访问");
            return true;
        }

        // 2. 检查认证状态
        if (authentication == null || !authentication.isAuthenticated()) {
            logger.debug("用户未认证，拒绝访问");
            return false;
        }

        // 3. 获取用户信息
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof User)) {
            logger.debug("Principal不是User实例，拒绝访问");
            return false;
        }

        User user = (User) principal;
        logger.debug("用户角色: {}, 用户ID: {}", user.getRole(), user.getId());

        // 4. 根据角色检查权限
        boolean hasPermission = false;
        
        switch (user.getRole()) {
            case 1: // 管理员
                hasPermission = true;
                logger.debug("管理员角色，允许访问所有路径");
                break;
                
            case 2: // 维修工
                hasPermission = matchAnyPath(request, SecurityConstants.REPAIRMAN_PATHS);
                if (!hasPermission) {
                    // 如果不是维修工专属路径，检查是否是用户通用路径
                    hasPermission = matchAnyPath(request, SecurityConstants.USER_PATHS);
                }
                logger.debug("维修工角色 - 路径匹配结果: {}", hasPermission);
                break;
                
            case 0: // 普通用户
                hasPermission = matchAnyPath(request, SecurityConstants.USER_PATHS);
                logger.debug("普通用户角色 - 路径匹配结果: {}", hasPermission);
                break;
                
            default:
                logger.debug("未知角色类型: {}", user.getRole());
                hasPermission = false;
        }

        logger.debug("最终权限检查结果: {}", hasPermission);
        return hasPermission;
    }

    private boolean matchAnyPath(HttpServletRequest request, Collection<String> patterns) {
        String path = request.getServletPath();
        for (String pattern : patterns) {
            AntPathRequestMatcher matcher = new AntPathRequestMatcher(pattern);
            if (matcher.matches(request)) {
                logger.debug("路径 {} 匹配模式 {}", path, pattern);
                return true;
            }
        }
        logger.debug("路径 {} 未匹配任何模式: {}", path, patterns);
        return false;
    }
} 